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DETAILED ACTION 

1. Claims 1-9, 12,15, and 18 are pending. 

Response to Arguments 

1 . Applicant's arguments filed 21 December 2007 have been fully considered but 
they are not persuasive. 

2. Referring to the rejection of claims 12,15, and 18, the Applicant contends that the 
prior art Du et al. does not teach, disclose, nor suggest the invention in the same level 
of detail as recited in the claims, wherein logging onto the smartcard is not shown. 

The Examiner respectfully disagrees and asserts that the storing of logging onto a 
smartcard/information is absent a specific definition within the specification. Therefore, 
the most reasonable interpretation for storing user logon information would be any 
information stored that is used in the login process. As shown in Du et al., the key is 
stored in the smart card and would meet this feature within the claim. On page 5, 
Section 0062, Du et al. discloses each smart card is unique and stores the encryption 
key which contains the user's login information. The encryption key only exists on the 
smart card and is not stored on the server. On page 5, Section 0069, Du et al. discloses 
when a smart card is inserted into the computer, the computer boots up into its normal 
operating system. This allows the user to enter networks and web sites that requires a 
login procedure, by using the user's passwords which are stored onto the smartcard. 
The smart card will automatically login the user to the web site. 

3. Therefore, the rejection of claims 1 2,1 5, and 1 8 are maintained in view of the 
reasons above and in view of the reasons below. 
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Allowable Subject Matter 

4. Prosecution on the merits of this application is reopened on claims 12,15, and 18 
are considered unpatentable for the reasons indicated below: storing user logon 
information for at least one service provider server on a portable user-controlled secure 
device, said at least one service provider server comprising at least one network server 
that is capable of providing a service to a user, and logging on to said portable user- 
controlled secure device, said logging on providing access to said at least one service 
provider server. 

5. The indicated allowability of claims 12,15, and 1 8 is withdrawn in view of the 
newly discovered reference(s) to Du et al. (Pub No. 20020029348). Rejections based 
on the newly cited reference(s) follow. 

6. Claims 1-9 are allowed. 

7. The following is an examiner's statement of reasons for allowance: The present 
invention is directed towards a method and system for managing identification in a data 
communications network wherein receiving a user-controlled secure storage device and 
enrolling the user with an authority network site. Claims 1,2,4,5,7, and 8 identifies the 
uniquely distinct features "receiving a portable user-controlled secure storage 
device; enrolling a user of said portable user-controlled secure storage device 
with an authority network site, said enrolling comprising providing information 
requested by said authority network site; receiving user data in response to said 
enrolling; storing said user data in said portable user-controlled secure storage 
device; enabling said portable user-controlled secure storage device to release 
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said user data; and using said user data, from said portable user-controlled 
secure storage device, at a service provider network site to obtain a service ". 
Claims 3,6, and 9 identifies the uniquely distinct features "presenting an identity 
credential request and data to be stored to a federated identity server via a client 
host; receiving an identity credential in response to said identity credential 
request, said identity credential comprising a randomized ID and an identification 
authority ID, said federated identity server capable of verifying the truthfulness, 
accuracy and completeness of said data to be stored; presenting a service 
request and said identity credential to a service portal, said service portal 
configured to issue an authentication request to said federated identity server; 
receiving a logon credential in response to said service request, said login 
credential comprising an indication of the client host used by the user; and using 
said logon credential to obtain a service from a service provider accessible via 
said service portal ". 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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9. Claims 12,15, and 18 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Du et al. (Pub No. 20020029348). 

As per claims 12,15, and 18, Du et al. discloses a smart card (i.e. "portable user- 
controlled secure device") security information configuration and recovery system 
providing a secure Web site and server that allows smart card uses to easily create and 
obtain smart cards and passwords (See Abstract) 

Du et al. discloses a portable user-controlled secure device (i.e., laptops, 
notebooks, and PDAs) in combination with a smart card for use in secure login (See 
page 1, paragraphs (0003-0004 and 0010). 

Du et al. discloses accessing the logon information for an ISP and web site (i.e. 
"at least one network server that is capable of providing a service to a user") when the 
smart card is read via auto launch at boot-up (i.e. "logging on to said portable user- 
controlled device") when the user specifies to the invention the data needed to establish 
at least a portion of his mobile personal environment through the invention's user 
interface. (See pages 2-3, paragraphs 0037-0040) 

As such, Du et al. discloses within the reference the means for gathering the 
username, password, and Internet site bookmark data in order to gain access 
immediately and directly to the Internet site that constitutes at least some part of the 
mobile computer user's mobile personal environment (i.e. "at least one service provider 
server"). (See page 3, paragraph 0040) 
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Conclusion 

1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to COURTNEY D. FIELDS whose telephone number is 
(571 )272-3871 . The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 
pm; off every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

10. D. F./ 

Examiner, Art Unit 2137 
February 15, 2008 



/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 



